1. Field of the Invention
The invention relates to a storage device and a method of protecting data stored therein, and more particularly to a storage device having a biometrics sensor and a method of protecting data stored therein. The invention also correlates to the commonly assigned patents: (a) U.S. patent application Ser. No. 10/998,722 (US20050144464A1), filed on Nov. 30, 2004, and entitled “MEMORY STORAGE DEVICE WITH A FINGERPRINT SENSOR AND METHOD FOR PROTECTING THE DATA THEREIN”; (b) U.S. patent application Ser. No. 11/115,212 (US20050244037A1), filed on Apr. 27, 2005 and entitled “PORTABLE ENCRYPTED STORAGE DEVICE WITH BIOMETRIC IDENTIFICATION AND METHOD FOR PROTECTING THE DATA THEREIN”; and (c) U.S. patent application Ser. No. 11/332,167, filed on Jan. 17, 2006 and entitled “STORAGE DEVICE AND METHOD FOR PROTECTING DATA STORED THEREIN”.
2. Description of the Related Art
In the prior art, the exhibit, such as an identification card, a driving license, or the like, is the simplest way to represent the personal authentication, and the personal photo, characters and numbers are recorded on the exhibit. However, the identification card can be easily counterfeited, and several criminal acts have been induced accordingly.
An advanced method is to utilize the magnetic-stripe card to record the personal data. Similarly, the advanced technology makes the magnetic-stripe card be easily cracked.
The newest method is to utilize the chip card to protect the personal data. Basically, the password protection is frequently used to protect the personal data of the memory chip. However, using the password to protect the personal data is troublesome because the user tends to forget the password and the password may also be easily copied and attacked.
Meanwhile, the above-mentioned device (exclusive of the chip card) for representing the personal authentication only can execute a single function and a single application.
U.S. Patent Publication No. 2003/0110389 A1 discloses a personal ID electric device similar to a solid-state mobile disk, wherein the device contains encrypted personal data and can be directly connected to the computer system. However, this device has to be enabled after the password is checked and thus encounters the above-mentioned problems. A best way to solve the problem is to provide a complete and effective data protection method based on the authentication of the biometrics features, such as the fingerprint, voice, signature, eye iris, and the like. The advantages are that the biometrics feature is always kept on the user and the user does not need to memorize the feature, the biometrics feature cannot be stolen, and the biometrics feature protection method is strict and very convenient
Recently, owing to the invention of the chip-type biometrics sensor, the miniaturized electrical product incorporated with the biometrics authentication device becomes the technology that can be implemented. The associated technology can be found in the following patents to one of the inventors: (a) U.S. patent application Ser. No. 10/403,052 (US20030190061A1), filed on Apr. 1, 2003, entitled “CAPACITIVE FINGERPRINT SENSOR”; (b) U.S. patent application Ser. No. 10/434,833 (US20030215976A1), filed on May 13, 2003, entitled “PRESSURE TYPE FINGERPRINT SENSOR FABRICATION METHOD”; (c) U.S. patent application Ser. No. 10/414,214 (US20040208345A1), filed on Apr. 16, 2003, and entitled “THERMOELECTRIC SENSOR FOR FINGERPRINT THERMAL IMAGING”; and (d) U.S. patent application Ser. No. 10/638,371 (US20040046574A1), filed on Aug. 12, 2003, and entitled “CAPACITIVE MICRO PRESSURE SENSING MEMBER AND FINGERPRINT SENSOR USING THE SAME”. Thus, span personal applications, such as the portable electrical products with the biometrics authentication function, have been developed.
U.S. Pat. No. 4,582,985 issued on Apr. 15, 1986 has disclosed a personal data protection method, in which the personal data stored in the ID card device is protected by way of biometrics authentication. The protected data stored in the card device can be outputted for the subsequent processing or authentication procedures only after the biometrics authentication procedure passes. The dimension of this device is the same as that of the generally used credit card. This device, which is a completely stand-along biometrics authentication device because the biometrics capture and authentication are performed in the same device, includes a biometrics sensor, an image processing and authentication module, and a memory.
China Patent No. CN1302018A discloses a method of controlling the rights of reading and writing a data storage device according to the biometrics authentication. However, this patent does not clearly disclose the format and interface of this storage device.
Similarly, EP124079A1 also discloses a data protection concept similar to the '985 patent except that the communication interface thereof is a golden finger interface used in a SD card. In addition, the memory device of the '079 patent has a biometrics authentication module, and the data protection concept is the same as the '018 patent. Similarly, US2001/0023375A1 also discloses a method of protecting the data stored in the hard drive or flash disk according to the biometrics authentication.
WO 02/42887A2 patent discloses a data protection concept similar to the '985 patent and '079 patent except that the device of the '887 patent communicates the terminal system through the USB interface. This device is similar to the flash memory hard drive popularized in the current market except for the stand-along biometrics processing and identifying module.
U.S. Patent publication No. 2003/005337 discloses the data protection concept of a stand-along biometrics authentication module, which is the same as the '985 and '079 patents, and utilizes the USB as the communication interface, which is the same as that disclosed in the '887 patent Similarly, the device of '337 patent is also a stand-along biometrics authentication device.
GB2387933 patent also discloses a stand-along biometrics authentication device, which has a concept and device design almost similar to those of the '887 and '337 patents, wherein the biometrics capture and authentication are performed in the same device.
Heretofore, in the above-mentioned biometrics authentication devices, the '985 patent discloses the application to the personal authentication card, while the other patents are only used to protect data.
In addition, the basic requirement of the above-mentioned portable storage devices with the biometrics authentication function is to facilitate the user to connect one of these storage devices to various computer systems. However, even if the USB interface is used, the biometrics related application program still has to be manually executed in the computer system first before it is used such that the computer system can provide a human-machine interface for the user. The conventional method is to provide an optical disk to execute the biometrics related application program and enable the storage device to be used. In this case, each time when the computer systems are firstly set, the user has to carry the portable storage device together with the optical disk so that he or she can use the storage device in other computer systems.
To sum up, the object of the above-mentioned prior arts is to provide a storage device for protecting data stored therein by way of biometrics authentication. When the device is used, the user has to execute the biometrics application software in the terminal system in advance. Thus, the biometrics application program of the storage device cannot be conveniently used in a plug-and-play manner over various computers.
Heretofore, the prior arts have a common feature of providing a stand-along biometrics authentication device including a biometrics sensor, and a biometrics image processing and authentication IC. Such a design is intuitive and easily implemented and there is no need to install the biometrics application program in the terminal system and the convenience of plug-and-play function may be provided. However, the prior art devices have an important problem of the high price because a biometrics image processing and authentication IC and its associated memory components have to be utilized. Usually, the IC is the 32-bit RISC or DSP in order to perform the biometrics authentication effectively. Consequently, the conventional portable storage device with a biometrics sensor has the drawback of high cost.
In order to solve the high cost problem, it is preferred to utilize the microprocessor of the terminal host to execute the biometrics image processing and authentication so as to reduce the cost effectively. However, the prior arts do not provide a definite solution.
If the biometrics image processing and authentication works are to be transferred from the storage device to the CPU of the terminal system, the disclosed device must have the functions of causing the biometrics application program, which includes the biometrics image processing, authentication and encrypting/decrypting sub-programs, and a biometrics matching program, to be automatically run or executed in the terminal system so as to achieve the plug-and-play function and facilitate the usage in any other terminal system. The above-mentioned prior arts, however, do not provide this solution.
Alternatively, as shown in U.S. Patent Publication No. 2003/005337, it is possible to install the biometrics processing and authentication programs in the terminal system. Such a design, however, disables the user from using the device over various terminal systems, or the user has to spend time to laboriously install the driver and application programs first in the terminal systems before using. The conventional method is to provide an optical disk for storing the drivers for the memory and the drivers for the biometrics sensor of the storage device so that the user can install the suitable drivers and enable the storage device to be used. In this case, each time when the computer systems are firstly set, the user has to carry the portable storage device together with the optical disk so that he or she can use the storage device in other computer systems. Although it is possible to download the driver through the network, it is not a convenient way because some computers cannot connect to the network.
Consequently, the inventor of this invention discloses, in the above-mentioned (a) and (b) patents, a method of automatically running a biometrics authentication and application program in a terminal system, wherein the storage device is divided into several regions, and one of the regions is simulated into a CD-ROM such that the terminal system regards this region as a CD-ROM device. The biometrics authentication and application program stored in this region may be run automatically. Thus, the prior art problems of high cost and installing biometrics authentication software in the computer in advance can be solved.
In the above-mentioned patents (a) and (b), the biometrics images are processed and compared in the terminal system. After the comparison passes, a special command is outputted to inform the storage device to open the read/write authority.
Such a design still has some drawbacks. If someone can intercept the special command in the terminal host, the security of the storage device will be cracked because no biometrics matching has to be performed.
To extend the above-mentioned (a) and (b) patents, the inventor further provides a method of protecting stored data, in which the key of the terminal system for opening the storage device is from being intercepted.